Router Vulnerability - MisFortune Cookie

Started by Tacitus, Dec 20, 2014, 10:32:20

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Tacitus

Not solely iDNet related, but just a heads up in case anyone might be affected:

http://www.pcworld.com/article/2861713/dangerous-misfortune-cookie-flaw-discovered-in-12-million-home-routers.html

This vulnerability applies to many of the common domestic routers although I'm told that Apple airports are not affected.  Whether that applies to only the current model is not clear. 

More information here:  http://www.checkpoint.com/blog/fortune-cookie-hole-internet-gateway/

A list of those tested so far and suspected to be vulnerable is here:  http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf

Note that Check Point make the Zone Alarm range of security products.......

[EDIT]  There's a bit  more about router vulnerabilities here:  http://news.techworld.com/security/3503163/best-selling-home-wireless-routers-wide-open-to-attack-study-finds/   One of the more interesting things is that leaving the default 192.168.1.X address, renders you more likely to be attacked.  I can only assume that using 10.0.0.X or the 172.16.X.X series is more secure simply because these are less common.

Steve

Nothing's really safe these days, however I tend not to let the dust settle for too long on my routers before another appears.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Tacitus

Quote from: Steve on Dec 20, 2014, 11:05:27
Nothing's really safe these days, however I tend not to let the dust settle for too long on my routers before another appears.

I've been using the same one for a while now.  I abandoned it in favour of a 2-Wire after I had problems and BT told me it had failed.  It's still going.....   I've kept the firmware up to date but I imagine it's been EOLd by now.  Once fibre is installed in January, I'll look to a new one, although given this problem it's difficult to choose; the fact that the ASUS isn't on the list doesn't mean it's safe, only that they haven't tested it/don't know.

In the meantime I'll repurpose the Airport; since it's one of the last of the square ones, it should be fairly safe.

davej99

Quote from: Tacitus on Dec 20, 2014, 10:32:20
Not solely iDNet related, but just a heads up in case anyone might be affected:

Thanks for that, Tacitus.
Dave
:thumb:

Steve

Asus WRT does not use RomPager neither does DD WRT.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Tacitus

Quote from: Steve on Dec 20, 2014, 13:35:32
Asus WRT does not use RomPager neither does DD WRT.

Asus WRT/DD WRT aren't the standard firmware though are they?  Fine for those of us that like tinkering, but possibly not for the average punter.

It's unfortunate that several of the Zyxel routers are on the list as I've always rather liked their kit.

Steve

#6
Asus WRT is the standard firmware.

https://github.com/RMerl/asuswrt-merlin/wiki/About-Asuswrt

Which ASUS Merlin is developed from.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Tacitus


Tacitus

FWIW I posted on the Draytek forum and got the following reply:

Quote from: Forum post by Draytek adminDrayTek do not use the vulnerable code and have no exposure to misfortune cookie.